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(57) Abstract: A system is disclosed for secure communication between an inteirpgator and an RFID tag. The system includes 
means for singulating the tag in a population of RFID tags and means for extracting fix)m the tag, identity data adapted to uniquely 
identify the tag. The system further includes means for securely communicating the identity data to a secure database, means for 
providing authentication data by the database and means for securely conununicating the authenticating data to the interrogator. 
The system also includes means for providing a further comunication between the tag and the interrogator, and wherein at least one 
stream of data between the tag and the inteirogalor includes random data generated via a random physical process. The tag and 
database may each include means for maintaining a count of secure authentications. The count may be separately maintained by the 
tag and database and may be incremented following each secure authentication. A method for secure communication between an 
inteirogator and an RFID tag is also disclosed. 
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SECURE DATA TAGGING SYSTEMS 
FIELD OF THE INVENTION 

5 

The present invention relates to an object managennent system wherein 
information bearing electronically coded radio frequency identification (RFID) 
tags are attached to objects which are to be identified, sorted, controlled and/or 
audited. In particular the present invention relates to a system for 
1 0 authenticating RFID tags including the infonnation that is contained in the tags. 

BACKGROUND OF THE INVENTION 

The object management system of the present Invention includes information 
1 5 passing between an intemogator which creates an electromagnetic interrogation 
field, and the electronically coded tags, which respond by issuing a reply signal 
that is detected by the interrogator, decoded and consequently supplied to other 
apparatus in the sorting, controlling or auditing process. The objects to which 
the tags are attached may be animate or inanimate. In some variants of the 
20 system the interrogation medium may be other than electromagnetic, such as 
optical and/or acoustic. 

Typically each tag in a population of such tags may have an identity that is 
defined by a unique number or code that is assigned to each tag, in a global 
25 numbering scheme. The tags may also cany other fixed or variable data. 
Communications between the interrogator and tags is via a radio-frequency 
electromagnetic link that is inherently insecure and susceptible to 
eavesdropping, or the insertion of bogus signals. 

30 Under normal operation the tags may be passive, i.e. they may have no internal 
energy source and may ot)tain energy for their reply from the interrogation field, 
or they may be active and may contain an internal energy source, for example a 
battery. Such tags respond only when they are within or have recently passed 
through the interrogation field. The intenx)gation field may include functions 
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such as signalling to an active tag when to commence a reply or series of 
replies or selecting a single tag among a population of such tags, or in the case 
of passive tags may provide energy, a portion of which may be used in 
constructing the reply. 

5 

One example of an insecure electronic tag reading system is illustrated in 
Figure 1 . In Figure 1 an interrogator 1 1 . containing a transmitter and receiver, 
both operating under a controller, communicate via electromagnetic means with 
a code responding electronic tag 10. This system has a disadvantage in that 

10 Information passing between tag 10 and interrogator 11 is directly related to 
information stored within tag 1 0. A further disadvantage is that the process of 
communication between tag 10 and interrogator 11 is susceptible to 
eavesdropping. Because such communication is normally carried out by 
electromagnetic waves, a clandestine receiver located nearby may make a 

15 record of the communication and deduce the data content of a legitimate tag. 
Knowledge of such data content may subsequentiy allow counterfeit tags to be 
manufactured by an unscrupulous party or parties. Such tags may appear 
legitimate because they can generate data content that is indistinguishable from 
genuine tags. Eavesdropping may take place either on interrogator to tag 

20 communication or tag to interrogator communication. Because of a substantial 
difference in signal levels involved, communication in the direction from 
interrogator to tag is much more vulnerable to eavesdropping than is 
communication in the reverse direction. 

25 In some systems it is important to guard against eavesdropping in one, other or 
both directions or even to conceal the fact that an information extraction 
process is under way. Guarding against eavesdropping is particularly important 
when private information is being extracted from the tag. 

30 Communication between the interrogator and tag is firequentiy via an exchange 
of messages in a half duplex mode, but in some systems single bits of data may 
alternately be sent between interrogator and tag. In this case it is common to 
regard the process of extraction of data from the tag as equivalent to 
exploration of a binary tree as illustrated in Figure 2. In Figure 2 different bits of 
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a tag identity or tag internal data correspond to different levels of the tree, and a 
single tag with particular data corresponds to a particular path through the tree. 
Different paths through the tree correspond to different tags with different data. 

5 As discussed above, ft is desirable to ensure that tags are authentic, and not 
substitute tags which produce easily predictable responses of nonnal 
unencoded Identification tags. An ability to provide such assurances may be 
required in pnxiuct authentication, baggage reconciliation, secure entry systems 
and the like. 

10 

In a number of situations ft may also be important that the flow of information 
between the tag and the Interrogator is not meaningful to an eavesdropper. This 
may include sftuations where economic or milftary advantage can be gained 
fiom such information becoming known, or when owners of goods with attached 
15 tags desire to keep their ownership private. Hence, ft is desirable to guard 
against eavesdropping on the process of communication between an electronic 
tag and Ite interrogator. 

One defence against eavesdropping employs encryption of data passing 
20 between interrogator and tag. However, installation of complex drouits with 
encryption engines in the tag poses excessive demands on tags designs, which 
should be maintained as simple as possible for reason of costs. Moreover, 
even if such encryption engines are used, available encryption algorithms may 
still allow detemilned analysts to determine the parameters of those algorithms 
25 from eavesdropping operations. 

SUMMARY OF THE INVENTION 

The present invention provkles a system that may detennine the identity or data 
30 of a tag In a manner that defeats efforts at eavesdropping on the 
electromagnetic oommunteation link. The system of the present invention may 
determine that the tag is genuine and not counterfeft. The system of the 
present Inventton may provMe a relatively high level of security that is 
comparable to systems that make use of non re-used truly random codes. The 
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system of the present invention may produce these results with a relatively 
simple and low cost tag. The system may also be capable of disguising the fact 
that an information extraction process is in progress. 

5 The system of the present invention may, with addition to a tag of a simple and 
relatively small size writeabte memory and acceptance of a limitation that there 
may be a limited number of authentications between operations of recharging 
the tag in a secure environment, provide an authentication system that matches 
the security of a one-time code. The system may also be used to extract in a 
10 secure way variable data from RFID tags. As part of the system, the 
interrogator nnay interact not only with the tag but also through secure 
communications with a secure database containing for each tag, security 
information used in the authentication process (refer Figure 3). 

15 Prior to a tag being put into service, one or more random codes may be 
generated for each tag by a truly random physical process. The random codes 
may be used to provide authentication test keys or numbers. The random 
codes may be loaded in a secure way into both the database and each tag. In 
the database, the random codes for each tag may be associated with an 

20 unencrypted tag serial number, or a separate but randomly chosen number that 
may be read from the tag by conventional tag intenrogation processes. 

In one embodiment communication between an interrogator and a single tag 
may be achieved through spatial separation between tags and their placement 
25 in close proximity to the interrogator. 

The authentication system of the present invention may achieve extraordinary 
levels of security without a requirement to install within the tags complex circuits 
of encryption engines. The system may therefore be suitable for installation in 
30 relatively low cost RFID tags. The exbnaordinary levels of security are available 
because the system makes use of utterly random codes generated by a truly 
random physical process. The codes therefore will not t>e repeated more often 
than random numbers generated from truly random physical processes will be 
repeated. 
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According to the present invention there is pnavided a system for secure 
communication between an interrogator and an RFID tag, said system 
including: 

5 means for singulating said tag in a population of RFID tags; 

means for extracting from said tag. identity data adapted to uniquely 
Identify said tag; 

means for securely communicating said identity data to a secure 
database; 

1 0 means for providing authentication data by said database; 

means for securely communicating said authenticating data to said 
interrogator; and 

means for providing a further communication between said tag and said 
interrogator, wherein at least one stream of data between said tag and said 
1 5 interrogator includes random data generated via a random physical process. 

The tag and the database may each Include means for rnaintaining a count of 
secure authentications. The count may be separately maintained by the tag 
and the database and may be incremented following each secure 
20 authentication. 

According to a further aspect of the present invention there is provided a 
method for secure communication between an interrogator and an RFID tag, 
said method including: 
25 singulating said tag from a population of RFID tags; 

exti^cting from said tag, identity data adapted to uniquely Identify said 

tag; 

securely communicating said identity data to a secure database; 
providing authentication data by said database; 
30 securely communicating said authentication data to said interrogator: and 

providing a further communication t)etween said tag and said 
interrogator, wherein at least one stream of data between said tag and said 
interrogator includes random data generated via a random physical process. 



wo 03/050757 PCT/AU02/0167 1 

6 

The method may include the step of maintaining a count of secure 
authentications. The count may be separately maintained by the tag and the 
database and may be incremented following each secure authentication. 

5 DESCRIPTION OF A PREFERRED EMBODIMENT 

A prefenred embodiment of the present invention will now be described with 
reference to the accompanying drawings wherein: 
Figure 1 shows a conventional electronic tag reading system; 
10 Figure 2 shows how interrogation of an electronic tag may be viewed as an 
exploration of a binary tree; 

Figure 3 shows an electronic tag reading system augmented by communication 
with a secure database; 

Figure 4 shows one fbmi of architecture of a securely aufhenticable tag; 
1 5 Figure 5 shows a memory structure of a securely authenticable tag; and 
Figure 6 shows a tag reply generator in a securely authenticable tag. 

Figure 1 shows a tag reading system that is inherently insecure. It has the 
disadvantage that eavesdropping on the process of communication between 
20 electronic tag 10 and its interrogator 11. which is normally carried out by 
electromagnetic waves, allows a clandestine receiver that may be located 
nearby to make a record of the communication, and deduce the data content of 
a legitimate tag. thus allowing apparently legitimate tags to be manufactured by 
unscrupulous parties. 

25 

Figure 3 shows one embodiment of a tag reading system that has been made 
secure, in operation of the system shown in Figure 3. interrogator 20 seelcs the 
identity of tag 21 over an insecure radio frequency communications link 
represented by bold anrows 22. 23. Tag 21 responds to interrogator 20 with its 
30 identity from tag identity register 40 (refer Figure 5) over the insecure radio 
frequency link. Interrogator 20 sends the identity of tag 21 to secure database 
24 over preferably secure data link 25. For some transmissions a non-secure 
data link may be used. The data stored in tag identity register 40 may include a 
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fixed and/or variable data string and may include encrypted data and/or data 
stored In tag data register 41 (refer Figure 5). 



Database 24 uses Its data on tag Identity, its history of authentications, and 
5 stored authentication test keys to select a test key to be sent to tag 21. The 
selection may be sequential or non-sequential and may be based on records of 
the number of prior authentications which are maintained Independentiy but In 
synchronism by database 24 and tag 21 . In some embodiments a genuine test 
key sent to the tag may be mixed wltti a non-authentte test key such as before 
10 or after the genuine test key is sent to the tag. 

The selected authentication test key Is sent from database 24 to interrogator 20 
over the preferably secure data link 25. Interrogator 20 then sends the test key 
to tag 21 over Insecure radto link 22. Tag 21 produces an authentication reply 
15 to interrogator 20 over Insecure radio link 23. 



Figure 4 shows details of tag architecture Incoiporated in tag 21. Tag 21 
includes common receiving/transmitting antenna 30 connected to receiver 31 
via rectifier 32. An output of receiver 31 Is operably connected to 
20 authentication/reply circuit 33. Authentication/reply circuit 33 includes memory 
34 and reply generator 35. Reply generator 35 is operably connected to 
modulator 36. Modulator 36 is arranged such that it influences the impedance 
presented to antenna 30 via rectifier 32. 

25 Figure 5 shows the memory structure associated with memory 34 of tag 21. 
Memory 34 includes a tag identity register 40, a tag data register 41, an 
authentication test keys register 42. an authentication reply codes register 43, a 
singulation string register 44 and a scrambling string register 45. The tag 
identify, tag data, singulation string and scrambling stiing registers 40, 41 . 44 

30 and 46 may each include one row of data containing 64 bits. The test keys 
register 42 and the reply codes register 43 may each Indude 16 rows of data 
each containing 64 bits. 
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Figure 6 shows details of authentication/reply circuit 33 in tag 21. 
Authentication/repiy circuit 33 includes test unit 50 receiving data from receiver 
31 . Test unit 50 is operably connected to data selector 51 for selecting data 
from authentication reply memory 52 or from random reply generator 53 
5 according to whether an authentic or a not-authentic reply signal respectively, is 
to be sent to modulator 36 and subsequently to Interrogator 20. Test unit 50 
receives from authentication test memory 54. which includes test keys register 

• « 

42, a current test key determined by a count of authentications maintained in 
events counter 55. 

10 

The response is generated by the following njles. If a test key received by the 
tag matches a test key stored in memory register 42 at a location (eg. row) 
determined by a count of authentications maintained by the tag, an 
authentication reply code is selected from a corresponding location in 
1 5 authentication reply codes register 43 included in authentication reply memory 
52. 

If the test key received by tag 21 does not match the test key stored in memory 
register 42 at the location determined by the count of authentications 
20 maintained by the tag, the authentication response of the tag is produced by 
random reply generator 53. 

in the case of a genuine authentication, the count of tag authentications 
maintained by events counter 55 and a separate count of authentications 

25 maintained by database 24 are each incremented. For this purpose 
interrogation power to tag 21 may be maintained at an adequate level and for 
an adequate time to allow a non-volatile memory in the tag associated with 
events counter 55 that maintains a count of tag authentications to be re-written 
with its incremented value. In a preferred realisation of the system, this count 

30 may be updated before an authentication reply (authentic or not-authentic) is 
provided by tag 21. Database 24 and tag 21 may signal between them the 
count or numt>er of authentications. 
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The authentication reply is sent to secure database 24 which may checic the 
reply of the tag against a selected row in the record of expected tag replies 
which is maintained in datatiase 24, the selection depending on the count of 
authentications maintained by database 24, and may generate an authentic or a 
5 not-authentic signal. 

The authentic or not-guthentic signal is transmitted to interrogator 20 over 
secure data link 25- Interrogator 20 signals identity of tag 21 and sends an 
authentic or not-authentic signal to user 26 or whatever agent uses the output of 
10 interrx>gator 20. In some circumstances the authentic or not-authentic signal 
may be sent to an entity other than interrogator 20. 



In other circumstan<»s It may be desirable to modify the contents of memories 
52, 54 In tag 21 from a site that is remote from database 24. This may be 

15 accomplished if communication between interrogator 20 and tag 21 can be 
made secure. One way to establish secure comnminication may be to provide a 
closed or electromagnetlcally shielded communication chamber around 
interrogator 20 from which electromagnetic waves that communicate to and 
from tag 21 do not radiate to the outside world, and to place tag 21 inside the 

20 closed chamber for the duration of recharging its memory contents. 

In such a system interrogator 20, with assistance of secure database 24, may 
explore correctness of several entries in the authentication memory of tag 21 
before signalling to tag 21 that its authentication memory may be written. 

25 

To support that exploration, events counter 55 is initialised to zero each time tag 
21 receives power, and is incremented each time a successful authentication 
occurs during a period of continuous tag powering, until a predetenmined final 
value is reached, whereupon a register that pemnits writing to the memory of tag 
30 21 is enabled. The authentication memory of tag 21 and authentication count 
number may then be re-written by processes familiar to those skilled In the art 
of electronic tag design. 
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In another embodiment, communication with a single tag may be achieved by 
initially communicating with a population of tags, and then singulating a single 
tag by various techniques known in the industry as tag selection or singulation. 
In one of those techniques, transmission, without intemiption, of a selection or 
5 singulation string, may take place. After the selection string is transmitted, it 
may be compared in the tags with an internal singulation string, and only a tag 
in which a match is obtained will take part in further communication. In another 
such technique, known as tree scanning, as illustrated in part in Figure 2, the 
intenx>gator may transmit bit by bit a singulation string, and may receive 
10 responses from tags. The transmitted data may be matched against a 
singulation string in the tags, and tags which have a mismatch in their 
singulation string and that transmitted by the interrogator become progressively 
unselected, until only a single tag is selected. 

15 In common embodiments, a unique tag identity may be used as the singulation 
string. Authentication test keys and/or tag data may additionally or alternatively 
be used in singulation. The interrogator may at the first authentication operation 
read the unencrypted tag identification number or singulation string, so it knows 
which tag is being process^. 

20 

When a high level of security is desired, singulation that uses interrogator 
transmissions related to tag identity might be undesirable, in such cases, the 
tag may contain a singulation string, not related to its identity, used in a tree 
scanning process. The singulation string may be originally programmed into the 
25 tag, or may be automatically generated within it. The tags may echo the 
singulation string to the interrogator, but such echoes are relatively weak and 
are less susceptible to eavesdropping than are interrogator transmissions, and 
are in any case not meaningful to an eavesdropper except that they may 
indicate that a singulation is in progress. 

30 

During singulation, the singulation string may in part be provided by the tag, and 
followed by the interrogator, that is, the tag leads the way down the tree scan, 
and the interrogator follows. Alternatively, the singulation string may be 
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provided by the interrogator, that is. the interrogator points the way down the 
tree scan, and the tag follows as long as singulation bits match. In both cases, 
with a suitable design of tag that ignores certain intenogator signals, the 
interrogator may transmit incorrect singulation information so as to disguise the 
5 fact that genuine singulation is In progress, and thus which tag replies were the 
correct ones. Even though non re-use of singulation or response data gives 
great security, this procedure has an advantage of adding further confusion to 
an eavesdropping process. 

10 For greater security, the tag may contain a number of singulation strings that 
are not re-used. The singulation string may serve as a key to a secure database 
containing the tag identity and the correct tag reply to an authentication inquiry. 
For greater security the tag may contain a number of different conect tag replies 
that are not re-used. When the tag Is singulated by the appropriate singulation 

15 string, and provides one of the correct tag replies, and those elements are 
compared in the secure database, the tags may be regarded as authentic. 

If there is not a match between singulation bits transmitted to the tag and the 
appropriate set of singulation bits occurring within in the tag, the tag response 
20 may be a random response of the same lengtii as the authentication response. 
After consulting the secure database, and identifying which tag Is being dealt 
with, the interrogator may send one or more data streams to the tag. One of the 
data streams should match the first of a series of tag authentication test keys 
stored in memory register 42. 

25 

For an intenrogation in which there is a match of transmitted data to tag 
authenticatton test key, the tag may respond with a retum authentication code 
known only to the database. There may then be an incrementation in the tag 
and in the secure database of the content of non-volatile counters, which 
30 detemnine which of several authentication test keys Is next In force. 

For interrogations which do not so match, such as may occur when an non- 
authentic tag is interrogated, or a non-authentic intenogator performs the 
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interrogation, the tag may respond with a random code of the same length and 
general structure as an authentic response. 

In this way, eavesdropping on the transaction may not provide any clue as to 
5 the next conect authentication test key. or next tag authentication response. All 
an eavesdropper will detect is a sequence of apparently random transactions. 

In a variation pemiitting tag identity or data to be disguised, the memory may 
contain, as shown in Figure 7, in addition to its secret singulation string and 

10 secret authentication string a secret scrambling string. Using appropriate 
variations on the connections shown in Figure 7. the secret scrambling string 
may be used to modulate (digitally, an XOR operation) the tag reply when tag 
identity or data is sought. In one embodiment, the authentication string may be 
used as the scrambling string, or as an Input to a pseudo random string 

15 generation process, another input being the number of genuine tag 
authentications, the count being maintained separately within the tag and within 
the secure database. 

The use of a scrambling string may ensure that no aspect of interrogator 
20 transmission or tag response is of significance to an eavesdropper. It has an 
advantage in that variable data present in the tag, but not yet present in the 
database, may be extracted to the database in a totally secure way. 

Finally, it is to be understood that various alterations, modifications and/or 
25 additions may be introduced into the constructions and anrangements of parts 
previously described without departing from the spirit or ambit of the invention. 
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CLAIMS 

1. A system for secure communication between an interrogator and an 

RFiD tag, said system including: 
5 means for singulating said tag in a population of RFID tags; 

means for extracting from said tag, identity data adapted to uniquely 

identify said tag: 

means for securely communicating said identity data to a secure 
database; 

1 0 means for providing authentication data by said datat)ase; 

means for securely communicating said authenticating data to said 
interrogator; and 

means for providing a further communication between said tag and said 
interrogator, wherein at least one stream of data between said tag and said 
1 5 Interrogator includes random data generated via a random physical process. 

2. A system according to dalm 1 wherein said tag and said database each 
includes means for maintaining a count of secure authentications. 

20 3. A system according to claim 2 wherein said count is separately 
maintained by said tag and by said database and is incremented following each 
secure authentication. 

4. A system according to claim 1 , 2 or 3 wherein said inteniogator includes 
25 said means for extracting and means for transmitting said authenticating data to 

said tag. 

5. A system according to any one of the preceding claims wherein said tag 
includes said means for providing a further communication. 

30 

6. A system according to any one of the preceding claims including means 
for comparing said further communication with reference data for determining if 
said tag is authentic. 
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7. A system according to claim 6 wherein said interrogator includes said 
comparing means. 

8. A system according to claim 6 wherein said database includes said 
5 comparing means. 

9. A system according to any one of the preceding claims wherein said tag 
includes authentication test data for authenticating a transmission from said 
interrogator and authentication reply data for encoding a reply. 

10 

1 0. A system according to claim 9 wherein said tag includes a plurality of 
said authentication data. 

11. A system according to claim 9 or 10 wherein said database includes a 
1 5 copy of said authentication data. 

12. A system according to claim 9. 10 or 1 1 wherein said authentication data 
is not reused. 

20 13. A system according to any one of the preceding claims wherein said 
Identity data includes a fixed data string. 

14. A system according to any one of the preceding claims wherein said 
identity data includes a variable data string. 

25 

15. A system according to any one of the preceding claims wherein said 
identity data is encrypted- 

16. A system according to claim 15 wherein said encryption includes an XOR 
30 operation of said authentication data and said identity data. 

17. A method for secure communication between an interrogator and an 
RFID tag, said method including: 

singulating said tag from a population of RFID tags; 
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extracting from said tag, Identity data adapted to uniquely identify said 

tag: 

securely communicating said identity data to a secure datat>ase; 

providing authentication data by said datat>a8e; 
5 securely communicating said authentication data to said Interrogator, and 

providing a further communication between said tag and said 
interrogator, wherein at least one stream of data between said tag and said 
interrogator includes random data generated via a random physical process. 

10 18. A method according to daim 17 Including the step of maintaining a count 
of secure authentications. 

19, A method according to dalm 18 wherein said count is separately 
maintained by said tag and said database and is incremented following each 

1 5 secure authentication. 

20. A method according to claim 17. 18 or 19 wherein said further 
communication is from said tag to said interrogator. 

20 21. A method according to any one of claims 17 to 20 including comparing 
said further communication with reference data for detennining if said tag Is 
authentic. 

22. A method according to any one of claims 17 to 21 wherein said tag 
25 includes authentication test data for authenticating a transmission from said 

interrogator and authentication reply data for encoding a reply. 

23. A method according to claim 22 wherein said tag includes a plurality of 
said authentication data. 

30 

24. A method according to claim 22 or 23 wherein said database includes a 
copy of said authentication data. 
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25. A method according to claim 22. 23 or 24 wherein said authentication 
data is not reused. 

26. A method according to any one of claims 17 to 25 wherein said identity 
5 data includes a fixed data string. 

27. A method according to any one of claims 17 to 26 wherein said identity 
data includes a variable data string. 

10 28. A method according to any one of claims 17 to 27 wherein said tag 
identity data is encrypted. 

29. A method according to daim 28 wherein said encryption includes an 
XOR operation of said authentication data and said identity data. 

15 

30. A system for secure communication between an intenrogator and an 
RFID tag substantially as herein described with reference to Figs. 2 to 7 of the 
accompanying drawings. 

20 31. A method for secure communication between an intem)gator and an 
RFID tag substantially as herein described with reference to Figs. 2 to 7 of the 
accompanying drawings. 
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